<!DOCTYPE html>
<html class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>
<head>
<meta content='width=1100' name='viewport'/>
<meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>
<meta content='blogger' name='generator'/>
<link href='https://blog.talosintelligence.com/favicon.ico' rel='icon' type='image/x-icon'/>
<link href="https://blog.talosintelligence.com/2018/05/VPNFilter.html" rel='canonical' />
<link rel="alternate" type="application/atom+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom" href="https://blog.talosintelligence.com/feeds/posts/default" />
<link rel="alternate" type="application/rss+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - RSS" href="https://blog.talosintelligence.com/feeds/posts/default?alt=rss" />
<link rel="service.post" type="application/atom+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom" href="https://www.blogger.com/feeds/1029833275466591797/posts/default" />

<link rel="alternate" type="application/atom+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom" href="https://blog.talosintelligence.com/feeds/8747922687130206090/comments/default" />
<link href='https://3.bp.blogspot.com/-1OGddXBBf1s/WwTyd0k3szI/AAAAAAAAAgs/82oB9Lftark-aUd7aYp5WnpNcfiAvxKjwCLcBGAs/s640/image2.jpg' rel='image_src'/>
<meta content='VPNFilter is a type of malware which targets a wide range of networking devices.  With the capability to knock out an infected device by rendering it unusable, this Malware is unlike most other IoT threats. It maintains a persistent presence on an infected device, even after a reboot. Patching the firmware of an infected device or immediate replacement is recommended.' name='description'/>
<meta content='http://blog.talosintelligence.com/2018/05/VPNFilter.html' property='og:url'/>
<meta content='New VPNFilter malware targets at least 500K networking devices worldwide' property='og:title'/>
<meta content='VPNFilter is a type of malware which targets a wide range of networking devices.  With the capability to knock out an infected device by rendering it unusable, this Malware is unlike most other IoT threats. It maintains a persistent presence on an infected device, even after a reboot. Patching the firmware of an infected device or immediate replacement is recommended.' property='og:description'/>
<meta content='https://3.bp.blogspot.com/-1OGddXBBf1s/WwTyd0k3szI/AAAAAAAAAgs/82oB9Lftark-aUd7aYp5WnpNcfiAvxKjwCLcBGAs/w1200-h630-p-k-no-nu/image2.jpg' property='og:image'/>
<title>Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: New VPNFilter malware targets at least 500K networking devices worldwide</title>
<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1029833275466591797&amp;zx=1c47cbfd-ad70-4608-bf07-3201299944bc' media='none' onload='if(media!=&#39;all&#39;)media=&#39;all&#39;' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1029833275466591797&amp;zx=1c47cbfd-ad70-4608-bf07-3201299944bc' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script type="text/javascript" language="javascript">
  // Supply ads personalization default for EEA readers
  // See https://www.blogger.com/go/adspersonalization
  adsbygoogle = window.adsbygoogle || [];
  if (typeof adsbygoogle.requestNonPersonalizedAds === 'undefined') {
    adsbygoogle.requestNonPersonalizedAds = 1;
  }
</script>


</head>
<body>
<div class='no-items section' id='header'></div>
<!-- Begin Navigation -->
<nav id='nav'>
<!-- Top navigation section: Account links / sign in -->
<div id='top-nav-bar'>
<ul class='top-nav-links-wrapper'>
<li>
</li>
</ul>
</div>
<!-- Main Navigation -->
<div id='navigation'>
<div id='mobile-nav-topper'>
<a href='https://www.talosintelligence.com'>
<!-- TALOS MOBILE ICON 'O' -->
<svg height='55px' viewBox='0 0 55 55' width='55px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g>
<g class='mobile-nav-home'>
<path clip-rule='evenodd' d='M45.201,12.343c0.378,0.48,0.758,0.925,1.096,1.401    c2.975,4.207,4.543,8.876,4.494,14.044c-0.05,5.452-1.643,10.386-5.186,14.593c-3.484,4.133-7.929,6.73-13.182,7.895    c-6.313,1.398-12.216,0.275-17.695-3.131c-0.441-0.273-0.847-0.6-1.266-0.904c-0.11-0.078-0.208-0.174-0.337-0.287    c0.127-0.141,0.246-0.27,0.366-0.398c0.887-0.949,1.765-1.904,2.663-2.844c0.114-0.119,0.321-0.217,0.485-0.217    c3.658-0.006,7.318,0,10.975,0.008c3.458,0.006,6.913,0.02,10.369,0.02c0.957,0,1.871-0.193,2.62-0.844    c0.797-0.693,1.157-1.596,1.157-2.643c0.001-7.533,0.003-15.067-0.005-22.601c-0.002-0.309,0.088-0.524,0.3-0.743    C43.098,14.598,44.127,13.49,45.201,12.343' fill='#FFFFFF' fill-rule='evenodd'></path>
<path clip-rule='evenodd' d='M41.402,8.822c-0.99,1.027-1.994,2.021-2.935,3.072    c-0.312,0.35-0.616,0.416-1.036,0.415c-6.98-0.009-13.957-0.007-20.938-0.007c-2.039,0-3.561,1.514-3.561,3.557    c0,6.504,0.002,13.008,0.006,19.512c0.002,0.973,0.011,1.943,0.004,2.914c0,0.133-0.04,0.301-0.127,0.393    c-1.069,1.162-2.15,2.314-3.229,3.469c-0.021,0.023-0.052,0.039-0.109,0.08c-0.159-0.188-0.323-0.369-0.471-0.562    c-2.535-3.348-4.119-7.102-4.605-11.268c-0.61-5.229,0.194-10.229,2.835-14.839c2.669-4.664,6.655-7.805,11.618-9.75    c3.205-1.257,6.533-1.852,9.977-1.621c4.478,0.298,8.553,1.754,12.227,4.325c0.101,0.072,0.197,0.151,0.291,0.229    C41.364,8.755,41.374,8.778,41.402,8.822' fill='#FFFFFF' fill-rule='evenodd'></path>
<path clip-rule='evenodd' d='M39.799,12.47c0.873-0.911,1.749-1.829,2.676-2.797    c0.605,0.564,1.195,1.112,1.816,1.691c-0.941,0.985-1.817,1.903-2.703,2.83c-0.276-0.339-0.511-0.688-0.807-0.975    C40.492,12.941,40.145,12.728,39.799,12.47' fill='#FFFFFF' fill-rule='evenodd'></path>
<path clip-rule='evenodd' d='M10.35,43.279c0.969-1.016,1.885-1.977,2.76-2.893    c0.213,0.369,0.376,0.762,0.639,1.072c0.265,0.312,0.627,0.539,0.98,0.832c-0.853,0.891-1.713,1.791-2.624,2.746    C11.513,44.445,10.939,43.869,10.35,43.279' fill='#FFFFFF' fill-rule='evenodd'></path>
</g>
</g>
</svg>
<!-- END ICON -->
</a>
</div>
<!-- Cisco | Talos logos -->
<div class='navigation-logos-wrapper'>
<div id='cisco-logo-wrapper'></div>
<div id='talos-logo-wrapper'>
<a href='https://www.talosintelligence.com'>
<!-- TALOS LOGO -->
<!-- Generator: Adobe Illustrator 26.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg id='Layer_1' style='enable-background:new 0 0 3361.3 912.4;' version='1.1' viewBox='0 0 3361.3 912.4' x='0px' xml:space='preserve' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' y='0px'>
<style type='text/css'>
	.st0{display:none;}
	.ukraine_yellow{fill:#FCB83D;}
	.ukraine_blue{fill:#006DB6;}
</style>
<g class='st0' id='scaffold'>
</g>
<g>
<path class='ukraine_yellow' d='M1342.8,795.4c-0.1-20.7-0.2-41.3-0.2-62c-0.1-62.8-0.3-125.6-0.3-188.5c0-29.8-0.1-59.7-0.1-89.5h-97.5   c0,53.5-0.2,106.9-0.7,160.4c-0.1,10-1.4,20.4-4.1,30c-8.3,29.8-25.9,51.8-56.5,60.6c-10.4,3-21.6,4.3-32.5,4.4   c-63.5,0.4-127,0.2-190.5,0.2c-5.8,0-11.7,0.2-17.5,0.7c-39.7,3.1-70.5-18.3-80.8-56.7c-8.2-30.7-4-60.6,8-89.4   c15.4-36.8,40.5-64.3,78.6-78.4c17.8-6.6,36.3-7.1,55.1-7c72.3,0.3,144.6,0,217,0c1.8,0,3.5,0,5.1,0c0-8.3,0-16.6,0-24.9H836.4   c-26.4,28-46,61.3-60,98.4c-15.9,42-16.3,86-8.5,130.1c4.3,24.7,13,47.5,29.9,66.6c28.1,31.8,64.5,46.6,106,48.6   c29.4,1.4,59,1.2,88.4,1.1c61-0.1,121.9,0,182.9-1.2c34-0.7,65.4-10,90.5-35.2c21.3,18.3,46.2,29.1,73.2,36.8h4   C1342.8,798.5,1342.8,797,1342.8,795.4z'></path>
<path class='ukraine_yellow' d='M465.1,793.9c0-112.8,0-225.6,0-338.4H359.4c0,81.4,0,162.7,0,244.1c0,25.8,7,49,25.5,67.9   c15.5,15.9,34.9,24.8,56.2,29.6c6.9,1.6,14,2.4,21.5,3.6h2.5C465.1,797.7,465.1,795.8,465.1,793.9z'></path>
<path class='ukraine_yellow' d='M2896.8,494.3c76.3,0.9,152.6,0.3,229,0.3c3.5,0,7,0.1,10.5,0.3c24,1.3,39.4,17.8,39.6,42.1   c0.2,27.5,0.8,55,0.9,82.5c0.1,13,0.6,26.1-1.1,38.9c-3.4,25.2-25.5,43.4-50.8,43.5c-47.7,0.1-95.3,0.2-143,0.2   c-55.5,0-111,0.1-166.5-0.1c-7.5,0-13.9,1.6-20.3,5.3c-34.2,19.6-61.1,45.9-76.7,82.7c-1.4,3.4-2.4,6.9-3.7,10.9h427.6   c5.5-0.2,11-0.7,16.4-1.4c70-9.3,107.2-69.5,112.1-115.8c1.4-13.2,0.4-26.6,0.4-39.9c-0.1-39.5-0.2-79-0.4-118.5   c-0.1-17.5-2.6-34.7-10.5-50.4c-3.5-6.9-7.3-13.3-11.5-19.1h-444.5C2828.2,482.4,2860.4,493.8,2896.8,494.3z'></path>
<polygon class='ukraine_yellow' points='3251.7,800.6 3251.7,776.9 3260.5,776.9 3260.5,771.4 3235.9,771.4 3235.9,776.9 3244.5,776.9    3244.5,800.6  '></polygon>
<polygon class='ukraine_yellow' points='3279.4,791.9 3272.8,771.4 3263.5,771.4 3263.5,800.6 3270.6,800.6 3270.6,794 3269.9,779.9    3277,800.6 3281.8,800.6 3288.9,779.9 3288.2,794 3288.2,800.6 3295.3,800.6 3295.3,771.4 3285.9,771.4  '></polygon>
<path class='ukraine_yellow' d='M2403.3,792.4c77.5-17.2,143.1-55.5,194.5-116.5c52.3-62.1,75.8-134.9,76.5-215.3c0-1.7,0-3.4,0-5.1h-133.2   c0,57,0,114.1,0,171.1c0,15.4-5.3,28.8-17.1,39c-11,9.6-24.5,12.4-38.6,12.4c-51,0-102-0.2-153-0.3c-54-0.1-108-0.2-162-0.1   c-2.4,0-5.5,1.4-7.2,3.2c-13.2,13.9-26.2,28-39.3,42c-1.8,1.9-3.5,3.8-5.4,5.9c1.9,1.7,3.4,3.1,5,4.2c6.2,4.5,12.2,9.3,18.7,13.3   c53,33,108.8,51.5,167.2,54.4h33.7C2362.9,799.7,2383,796.9,2403.3,792.4z'></path>
<path class='ukraine_yellow' d='M2118.4,646.5c-12.9,13.5-26.4,27.7-40.7,42.7c8.7,8.7,17.2,17.2,25.9,25.9c13.5-14.1,26.1-27.4,38.7-40.5   c-5.2-4.3-10.5-7.7-14.4-12.3C2123.9,657.7,2121.5,651.9,2118.4,646.5z'></path>
<path class='ukraine_yellow' d='M1584.6,455.5h-106.8c0,81.9,0,163.7,0,245.6c0,6.8,0.4,13.7,1.3,20.4c5.9,46.5,42.1,78.6,88.5,78.6   c144.6,0,289.3,0,433.9,0c1.7,0,3.5,0,5.5,0c-0.9-15.3-4.1-29.2-9.2-42.6c-14-36.3-41.2-60.8-86.9-60.5   c-94.1,0.5-188.3,0-282.4-0.1c-22.3,0-34-8.9-39.7-30.3c-4.7-17.6-4.2-35.6-4.2-53.6C1584.6,560.5,1584.6,508,1584.6,455.5z'></path>
<path class='ukraine_yellow' d='M1989.8,499.1c7.2,61.5,30.6,116.9,68,166.3c2.2,2.9,4.6,5.5,6.9,8.3c0.9-0.6,1.3-0.8,1.6-1.2   c15.9-17,31.9-34,47.7-51.2c1.3-1.4,1.8-3.8,1.9-5.8c0.1-14.3,0-28.7,0-43c0-39,0-78-0.1-117H1987   C1987.2,469.9,1988.1,484.4,1989.8,499.1z'></path>
</g>
<g>
<path class='ukraine_blue' d='M2804.2,455.5h444.5c-23.8-33-58.9-48.6-100.8-49.9c-68.6-2.2-137.3-1-205.9-1.2c-13.7-0.1-27.3,0-41-0.3   c-11.6-0.3-21.4-4.7-28.1-14.6c-5.6-8.4-8.8-17.5-8.1-27.8c2.7-39.9,5.2-79.8,8.2-119.7c1.1-14.5,7.2-27,18.5-36.5   c12.5-10.4,27.4-13.2,43-13.2c87.2,0,174.3-0.3,261.5,0.3c13.8,0.1,24.9-3.9,35.3-12c0.9-0.7,1.9-1.4,2.8-2.1   c20.6-16.7,32.5-37.9,33.8-65.4c-2,0-3.3,0-4.6,0c-62-0.2-124-0.5-185.9-0.8c-42.7-0.2-85.3-0.5-128-0.5c-17.3,0-34.8-0.3-51.9,1.7   c-40.6,4.7-73.8,23-96.5,57.8c-10.8,16.6-19.1,34.5-20.3,54.6c-2.8,44.9-5,89.8-7.7,134.7c-1.8,30.8,5.1,59.4,23.1,84.6   C2798.6,448.9,2801.4,452.3,2804.2,455.5z'></path>
<path class='ukraine_blue' d='M1226,455.5c0-22.1,0-44,0-66c-2.6,0-4.7,0-6.8,0c-81,0-162,0.1-243,0c-33.4,0-64.3,8.6-92.3,26.6   c-17.9,11.5-33.6,24.7-47.5,39.4H1226z'></path>
<path class='ukraine_blue' d='M1584.6,455.5c0-81.1,0-162.2-0.1-243.4c0-24.5-7.6-46.3-25.1-63.9c-22.3-22.3-50.3-31.4-81.7-34.8   c0,3,0,5.2,0,7.3c0,111.6,0,223.1,0,334.7H1584.6z'></path>
<path class='ukraine_blue' d='M184.3,197.1c17.7,1.4,35.6,0.9,53.4,1c29,0.1,58,0,87,0c9,0,17.3,2.5,23.3,9.6c7.3,8.6,11.4,18.4,11.4,30.1   c-0.1,72.6-0.1,145.2-0.1,217.8h105.7c0-71.5,0-143,0-214.5c0-4,0.3-8,1.2-11.9c4.1-18.4,17.1-30.5,33.9-30.7   c25.3-0.2,50.6,0.4,76,0.4c21.5,0,43.1,1.1,64.4-0.8c44.5-3.9,75.5-27.3,91.8-69.2c2.2-5.7,3.5-11.7,5.4-18   c-216.3,0-431.7,0-647.9,0c0.4,2.7,0.6,5,1.1,7.3C100.4,162.1,137,193.5,184.3,197.1z'></path>
<path class='ukraine_blue' d='M2541,293.1c0.1,54.1,0.1,108.2,0.1,162.4h133.2c-0.3-74.2-23.4-141.4-66.3-202.1c-5-7-10.6-13.6-16.1-20.7   c-15.9,16.9-31,33.3-46.4,49.4C2542.4,285.4,2541,288.6,2541,293.1z'></path>
<path class='ukraine_blue' d='M2115.8,455.5c0-57,0-113.9,0-170.9c0-30.1,22.5-52.5,52.5-52.5c103,0,205.9,0,308.9,0.1   c6.2,0,10.7-1,15.3-6.1c13.9-15.5,28.7-30.2,43.3-45.3c-0.4-0.7-0.5-1-0.8-1.2c-1.4-1.2-2.8-2.3-4.3-3.4   c-54.2-37.9-114.3-59.4-180.4-63.8c-50.8-3.4-99.9,5.4-147.2,23.9c-73.2,28.7-132,75.1-171.4,143.9   c-31.5,55.1-45.3,113.9-44.7,175.3H2115.8z'></path>
<path class='ukraine_blue' d='M2526.7,245.7c4.4,4.2,7.8,9.4,11.9,14.4c13.1-13.7,26-27.2,39.9-41.8c-9.2-8.5-17.8-16.6-26.8-25   c-13.7,14.3-26.6,27.8-39.5,41.3C2517.2,238.4,2522.4,241.6,2526.7,245.7z'></path>
<path class='ukraine_blue' d='M894.7,191.4c2.1,1.1,4.7,1.5,7.1,1.6c14.2,0.1,28.3,0.1,42.5,0.1c60-0.2,120-0.2,179.9-0.6   c19.7-0.1,38.8,1.8,57.1,9.8c39.5,17.4,62,46.6,62.5,90.8c0.5,46.3,0.8,92.6,0.8,138.9c0,7.8,0,15.7,0,23.5h97.5   c0-50.8-0.1-101.6-0.3-152.4c-0.1-14.5-1-29-3-43.3c-4.6-34.3-17.3-65.2-42-90.3c-22.6-22.9-50.6-36.4-81.1-45.2   c-34.4-9.9-69.7-13.4-105.2-13.6c-34-0.2-68,0.8-101.9,0.9c-53.8,0.2-107.6,0-161.5,0c-1.9,0-3.9,0-5.8,0c-0.2,1.2-0.3,1.7-0.3,2.1   C846.2,148.4,863.4,174.9,894.7,191.4z'></path>
</g>
</svg>
<!-- END TALOS LOGO -->
</a>
</div>
</div>
<!-- Main Site Navigation Links -->
<div class='navigation-links-wrapper'>
<ul class='main-nav-list'>
<!-- Software -->
<li class='nav-item '>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/software'>
<!-- SOFTWARE ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='tools-icon'>
<path d='M24.7-0.062H1.3C0.583-0.062,0,0.521,0,1.241v17.393c0,0.721,0.583,1.304,1.3,1.304h23.4   c0.719,0,1.3-0.583,1.3-1.304V1.241C26,0.521,25.419-0.062,24.7-0.062z M23.604,13.027c-0.063,0.058-0.151,0.077-0.232,0.052   L20.2,12.104c-0.024-0.008-0.052,0.007-0.06,0.032l-0.806,2.62c-0.008,0.025,0.006,0.048,0.023,0.057l3.201,0.984   c0.08,0.024,0.142,0.091,0.161,0.172c0.02,0.082-0.006,0.169-0.067,0.227c-1.106,1.063-2.77,1.309-4.137,0.609   c-1.207-0.616-1.918-1.825-1.961-3.093L7.858,9.268C6.806,9.976,5.41,10.107,4.202,9.49C3.249,9.002,2.564,8.124,2.328,7.076   C2.309,6.994,2.335,6.907,2.398,6.85c0.062-0.058,0.149-0.078,0.231-0.053l3.172,0.975c0.025,0.008,0.052-0.006,0.06-0.032   l0.805-2.621C6.673,5.094,6.66,5.071,6.642,5.063L3.441,4.078C3.361,4.053,3.3,3.988,3.28,3.906   C3.26,3.824,3.286,3.737,3.347,3.679c1.108-1.063,2.77-1.308,4.138-0.609c1.207,0.618,1.918,1.826,1.961,3.093l8.697,4.445   c1.053-0.708,2.448-0.84,3.655-0.223c0.955,0.488,1.638,1.367,1.876,2.414C23.692,12.883,23.665,12.969,23.604,13.027z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Software</span>
</a>
</div>
</li>
<!-- Vulnerability Information -->
<li class='nav-item '>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/vulnerability_info'>
<!-- VULNERABILITY INFO ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='vuln-icon'>
<path d='M24.256,18.49L13.872,0.503C13.692,0.192,13.36,0,13,0c-0.359,0-0.692,0.192-0.872,0.503L1.744,18.49  c-0.18,0.312-0.18,0.695,0,1.006C1.924,19.809,2.257,20,2.616,20h20.769c0.359,0,0.691-0.191,0.871-0.504  C24.436,19.186,24.436,18.803,24.256,18.49 M14.268,18.215h-2.533v-1.85h2.533V18.215z M14.268,15.441h-2.533L10.89,6.515h4.222  L14.268,15.441z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Vulnerability<span class='break'><br/></span> Information</span>
</a>
</div>
<input class='sub-nav-trigger' id='vuln-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='vuln-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://www.talosintelligence.com/vulnerability_info'>
<h1>Vulnerability Information</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='vuln-sub-trigger'>BACK</label></li>
<li><a href='https://www.talosintelligence.com/vulnerability_reports'>Vulnerability Reports</a></li>
<li><a href='https://www.talosintelligence.com/ms_advisories'>Microsoft Advisories</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- VULNERABILITY INFO ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='vuln-icon'>
<path d='M24.256,18.49L13.872,0.503C13.692,0.192,13.36,0,13,0c-0.359,0-0.692,0.192-0.872,0.503L1.744,18.49  c-0.18,0.312-0.18,0.695,0,1.006C1.924,19.809,2.257,20,2.616,20h20.769c0.359,0,0.691-0.191,0.871-0.504  C24.436,19.186,24.436,18.803,24.256,18.49 M14.268,18.215h-2.533v-1.85h2.533V18.215z M14.268,15.441h-2.533L10.89,6.515h4.222  L14.268,15.441z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Reputation Center -->
<li class='nav-item '>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/reputation'>
<!-- REPUTATION CENTER ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='center-icon'>
<path d='M24.7,0H1.3C0.582,0,0,0.585,0,1.308v17.384C0,19.415,0.582,20,1.3,20h23.4c0.718,0,1.3-0.585,1.3-1.308   V1.308C26,0.585,25.418,0,24.7,0z M21.75,10.5h-1.9c-0.246,3.392-2.958,6.104-6.35,6.35v1.9h-1v-1.9   c-3.392-0.246-6.104-2.958-6.35-6.35h-1.9v-1h1.9c0.246-3.392,2.958-6.104,6.35-6.35v-1.9h1v1.9c3.392,0.246,6.104,2.958,6.35,6.35   h1.9V10.5z' fill='#9EA0A5'></path>
<path d='M18.85,9.5c-0.241-2.84-2.509-5.108-5.35-5.35v2.184h-1V4.15C9.66,4.392,7.392,6.66,7.15,9.5h2.184v1H7.15   c0.241,2.841,2.509,5.108,5.35,5.35v-2.184h1v2.184c2.841-0.241,5.108-2.509,5.35-5.35h-2.184v-1H18.85z M13,11.984   c-1.096,0-1.984-0.888-1.984-1.984c0-1.096,0.888-1.984,1.984-1.984c1.097,0,1.984,0.888,1.984,1.984   C14.984,11.097,14.097,11.984,13,11.984z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Reputation<span class='break'><br/></span> Center</span>
</a>
</div>
<input class='sub-nav-trigger' id='reputation-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='reputation-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://www.talosintelligence.com/reputation'>
<h1>Reputation Center</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='reputation-sub-trigger'>BACK</label></li>
<li><a data-method='get' href='https://www.talosintelligence.com/reputation_center'>IP &amp; Domain Reputation</a></li>
<li><a href='https://www.talosintelligence.com/talos_file_reputation'>Talos File Reputation</a></li>
<li><a href='https://www.talosintelligence.com/support'>Reputation Support</a></li>
<li><a href='https://www.talosintelligence.com/secure-endpoint-naming'>Secure Endpoint Naming Conventions</a></li>
<li><a href='https://www.talosintelligence.com/categories'>Intelligence Categories</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- REPUTATION CENTER ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='center-icon'>
<path d='M24.7,0H1.3C0.582,0,0,0.585,0,1.308v17.384C0,19.415,0.582,20,1.3,20h23.4c0.718,0,1.3-0.585,1.3-1.308   V1.308C26,0.585,25.418,0,24.7,0z M21.75,10.5h-1.9c-0.246,3.392-2.958,6.104-6.35,6.35v1.9h-1v-1.9   c-3.392-0.246-6.104-2.958-6.35-6.35h-1.9v-1h1.9c0.246-3.392,2.958-6.104,6.35-6.35v-1.9h1v1.9c3.392,0.246,6.104,2.958,6.35,6.35   h1.9V10.5z' fill='#9EA0A5'></path>
<path d='M18.85,9.5c-0.241-2.84-2.509-5.108-5.35-5.35v2.184h-1V4.15C9.66,4.392,7.392,6.66,7.15,9.5h2.184v1H7.15   c0.241,2.841,2.509,5.108,5.35,5.35v-2.184h1v2.184c2.841-0.241,5.108-2.509,5.35-5.35h-2.184v-1H18.85z M13,11.984   c-1.096,0-1.984-0.888-1.984-1.984c0-1.096,0.888-1.984,1.984-1.984c1.097,0,1.984,0.888,1.984,1.984   C14.984,11.097,14.097,11.984,13,11.984z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Library -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/resources'>
<!-- LIBRARY ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='library-icon'>
<g>
<rect fill='#9EA0A5' height='0.882' width='5.438' x='7.389' y='9.446'></rect>
<rect fill='#9EA0A5' height='0.883' width='5.438' x='7.389' y='13.887'></rect>
<rect fill='#9EA0A5' height='0.882' width='5.438' x='7.389' y='7.226'></rect>
<rect fill='#9EA0A5' height='0.883' width='5.438' x='7.389' y='11.666'></rect>
<path d='M24.7,0H1.3C0.583,0,0,0.56,0,1.25v17.499C0,19.44,0.583,20,1.3,20h23.4c0.719,0,1.3-0.56,1.3-1.251V1.25    C26,0.56,25.419,0,24.7,0z M14.32,15.852c0,0.275-0.222,0.498-0.498,0.498H6.665c-0.274,0-0.497-0.223-0.497-0.498V6.144    c0-0.276,0.222-0.499,0.497-0.499h7.157c0.276,0,0.498,0.223,0.498,0.499V15.852z M19.832,13.564c0,0.273-0.222,0.496-0.497,0.496    h-3.768v-1.578h2.771V11.6h-2.771v-1.339h2.771V9.38h-2.771V8.041h2.771V7.159h-2.771V6.144c0-0.111-0.01-0.219-0.03-0.325h2.802    V4.938h-3.257c-0.318-0.332-0.764-0.54-1.26-0.54H11.68V3.856c0-0.275,0.222-0.499,0.498-0.499h7.158    c0.275,0,0.497,0.224,0.497,0.499V13.564z' fill='#9EA0A5'></path>
</g>
</g>
</svg>
<!-- END ICON -->
<span>Library</span>
</a>
</li>
<!-- Support -->
<li class='nav-item'>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/community'>
<!-- SUPPORT ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='community-icon'>
<g>
<path d='M24.7-0.062H1.3C0.582-0.062,0,0.521,0,1.241v17.393c0,0.72,0.582,1.304,1.3,1.304h23.4    c0.718,0,1.3-0.584,1.3-1.304V1.241C26,0.521,25.418-0.062,24.7-0.062z M18.911,12.189c0,1.98-5.911,5.461-5.911,5.461    s-5.911-3.208-5.911-5.461c0-2.251,0-8.189,0-8.189L13,2.361L18.911,4C18.911,4,18.911,10.21,18.911,12.189z' fill='#9EA0A5'></path>
<polygon fill='#9EA0A5' points='9.671,8.763 8.275,10.16 11.77,13.655 13.166,12.259 17.726,7.699 16.384,6.357 11.824,10.917       '></polygon>
</g>
</g>
</svg>
<!-- END ICON -->
<span>Support</span>
</a>
</div>
<input class='sub-nav-trigger' id='community-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='community-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://www.talosintelligence.com/community'>
<h1>Support Communities</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='community-sub-trigger'>BACK</label></li>
<li>
<a href='https://www.talosintelligence.com/reputation_center/support#reputation_center_support_ticket'>Reputation Center Support</a>
</li>
<li><a href='https://snort.org/community' target='_blank'>Snort Community</a></li>
<li><a href='https://www.clamav.net/contact.html#ml' target='_blank'>ClamAV Community</a></li>
<li><a href='https://www.spamcop.net/' target='_blank'>SpamCop</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- SUPPORT ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='community-icon'>
<g>
<path d='M24.7-0.062H1.3C0.582-0.062,0,0.521,0,1.241v17.393c0,0.72,0.582,1.304,1.3,1.304h23.4    c0.718,0,1.3-0.584,1.3-1.304V1.241C26,0.521,25.418-0.062,24.7-0.062z M18.911,12.189c0,1.98-5.911,5.461-5.911,5.461    s-5.911-3.208-5.911-5.461c0-2.251,0-8.189,0-8.189L13,2.361L18.911,4C18.911,4,18.911,10.21,18.911,12.189z' fill='#9EA0A5'></path>
<polygon fill='#9EA0A5' points='9.671,8.763 8.275,10.16 11.77,13.655 13.166,12.259 17.726,7.699 16.384,6.357 11.824,10.917       '></polygon>
</g>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Incident Response -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/incident_response'>
<!-- INCIDENT RESPONSE ICON -->
<svg height='20px' id='Layer_1' version='1.1' viewBox='0 0 26 20' width='26px' xml:space='preserve' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink'>
<g class='nav-icon' id='nav-ir-icon'>
<path d='M24.7,0H1.3C0.6,0,0,0.6,0,1.2v17.5C0,19.4,0.6,20,1.3,20h23.4c0.7,0,1.3-0.6,1.3-1.3V1.2   C26,0.6,25.5,0,24.7,0z M7.9,8.9c0-2.9,2.3-5.2,5.1-5.2s5.1,2.3,5.1,5.2v3.5H7.9V8.9z M20.2,15.8c0,0.3-0.2,0.5-0.5,0.5H6.4   c-0.3,0-0.5-0.2-0.5-0.5v-2.1c0-0.3,0.2-0.5,0.5-0.5h13.2c0.3,0,0.5,0.2,0.5,0.5V15.8z' fill='#9EA0A5'></path>
<path d='M13,5.2L13,5.2c-1.8,0-3.6,1.4-3.6,3.3c0,0.1,0,0.2,0.1,0.3c0.1,0.1,0.2,0.1,0.3,0.1s0.2,0,0.3-0.1   c0.1-0.1,0.1-0.2,0.1-0.3c0-1.3,1.4-2.4,2.7-2.4c0.1,0,0.2,0,0.3-0.1c0.1-0.1,0.1-0.2,0.1-0.3s0-0.2-0.1-0.3   C13.3,5.3,13.2,5.2,13,5.2z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Incident Response</span>
</a>
</li>
<!-- Careers -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/careers'>
<!-- CAREERS ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='career-icon'>
<path d='M24.7,0H1.3C0.582,0,0,0.559,0,1.25v17.499C0,19.44,0.582,20,1.3,20h23.4c0.719,0,1.3-0.56,1.3-1.251V1.25   C26,0.559,25.419,0,24.7,0z M4.047,13.736c-0.21-1.287-0.46-3.002-0.41-3.657c0.052-0.687,0.645-1.194,1.76-1.51   c0.278-0.08,0.562-0.139,0.815-0.184l0.104-0.554C5.774,7.357,5.404,6.46,5.404,5.68c0-1.124,0.767-2.037,1.713-2.037   c0.946,0,1.713,0.913,1.713,2.037c0,0.781-0.371,1.677-0.914,2.152l0.104,0.554C8.275,8.431,8.558,8.49,8.837,8.57   c0.427,0.121,0.777,0.27,1.05,0.447c-0.811,0.26-1.462,0.597-1.938,1.004c-0.606,0.52-0.956,1.182-1.012,1.913   c-0.029,0.385-0.002,0.988,0.08,1.803H4.047z M17.618,17.5H8.383c-0.317-1.938-0.692-4.516-0.617-5.502   c0.079-1.031,0.97-1.796,2.648-2.272c0.418-0.118,0.845-0.209,1.227-0.276l0.156-0.833c-0.817-0.715-1.373-2.062-1.373-3.238   c0-1.691,1.153-3.063,2.576-3.063c1.424,0,2.577,1.372,2.577,3.063c0,1.176-0.556,2.524-1.374,3.238L14.36,9.45   c0.382,0.067,0.808,0.158,1.227,0.276c1.679,0.476,2.569,1.241,2.648,2.272C18.311,12.984,17.937,15.562,17.618,17.5z    M21.953,13.736h-2.969c0.082-0.814,0.109-1.418,0.081-1.803c-0.057-0.73-0.406-1.393-1.013-1.913   c-0.476-0.407-1.127-0.745-1.938-1.004c0.272-0.177,0.623-0.326,1.05-0.447c0.279-0.08,0.562-0.139,0.816-0.184l0.104-0.554   c-0.542-0.475-0.913-1.372-0.913-2.152c0-1.124,0.767-2.037,1.713-2.037s1.713,0.913,1.713,2.037c0,0.781-0.369,1.677-0.912,2.152   l0.104,0.554c0.254,0.045,0.537,0.104,0.815,0.184c1.116,0.316,1.708,0.823,1.761,1.51C22.413,10.734,22.164,12.449,21.953,13.736z   ' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Careers</span>
</a>
</li>
<!-- Blog -->
<li class='nav-item active'>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://blog.talosintelligence.com/' id='link_blog'>
<!-- BLOG ICON -->
<svg height='22.25px' viewBox='0 0 26 22.25' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='blog-icon'>
<path d='M24.753,1.356h-2.501l-0.863-0.883C21.091,0.17,20.695,0.002,20.264,0c-0.415,0-0.808,0.16-1.104,0.45  l-0.926,0.906H1.249C0.562,1.356,0,1.917,0,2.604v15.384v0.082v0.568c0,0.717,0.582,1.299,1.3,1.299h15.602l5.297,2.211  l-0.686-2.211H24.7c0.718,0,1.3-0.582,1.3-1.299V18.07v-0.158V2.604C26,1.917,25.438,1.356,24.753,1.356z M6.031,14.773  l13.856-13.58c0.1-0.099,0.233-0.153,0.377-0.153c0.145,0.001,0.279,0.058,0.381,0.161l0.152,0.156l2.089,2.136  c0.102,0.104,0.154,0.24,0.152,0.383c-0.002,0.143-0.06,0.275-0.161,0.374L8.993,17.803l-4.14,1.086L6.031,14.773z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Blog</span>
</a>
</div>
<input class='sub-nav-trigger' id='blog-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='blog-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://blog.talosintelligence.com/'>
<h1>Blog</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='blog-sub-trigger'>BACK</label></li>
<li><a href="https://blog.talosintelligence.com/">Talos Blog</a></li>
<li><a href='https://www.talosintelligence.com/newsletters'>Talos Threat Source Newsletter</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- BLOG ICON -->
<svg height='22.25px' viewBox='0 0 26 22.25' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='blog-icon'>
<path d='M24.753,1.356h-2.501l-0.863-0.883C21.091,0.17,20.695,0.002,20.264,0c-0.415,0-0.808,0.16-1.104,0.45  l-0.926,0.906H1.249C0.562,1.356,0,1.917,0,2.604v15.384v0.082v0.568c0,0.717,0.582,1.299,1.3,1.299h15.602l5.297,2.211  l-0.686-2.211H24.7c0.718,0,1.3-0.582,1.3-1.299V18.07v-0.158V2.604C26,1.917,25.438,1.356,24.753,1.356z M6.031,14.773  l13.856-13.58c0.1-0.099,0.233-0.153,0.377-0.153c0.145,0.001,0.279,0.058,0.381,0.161l0.152,0.156l2.089,2.136  c0.102,0.104,0.154,0.24,0.152,0.383c-0.002,0.143-0.06,0.275-0.161,0.374L8.993,17.803l-4.14,1.086L6.031,14.773z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
</ul>
</div>
</div>
</nav>
<!-- END OF NAVIGATION / BEGINNING OF PAGE CONTENT -->
<div id='page_wrapper'>
<div class='container-fluid full-height'>
<div class='row full-height'>
<div class='col-xs-12 col_single'>
<div class='row'>
<div class='col-xs-12 publication' id='content-wrapper'>
<div id='main-wrapper'>
<div class='main section' id='main'><div class='widget Blog' data-version='1' id='Blog1'>
<div class='blog-posts hfeed'>

                        <div class="date-outer">
                      
<h2 class='date-header'><span>Wednesday, May 23, 2018</span></h2>

                        <div class="date-posts">
                      
<div class='post-outer'>
<div class='post hentry uncustomized-post-template' itemprop='blogPost' itemscope='itemscope' itemtype='https://schema.org/BlogPosting'>
<meta content='https://3.bp.blogspot.com/-1OGddXBBf1s/WwTyd0k3szI/AAAAAAAAAgs/82oB9Lftark-aUd7aYp5WnpNcfiAvxKjwCLcBGAs/s640/image2.jpg' itemprop='image_url'/>
<meta content='1029833275466591797' itemprop='blogId'/>
<meta content='8747922687130206090' itemprop='postId'/>
<a name='8747922687130206090'></a>
<h3 class='post-title entry-title' itemprop='name'>
New VPNFilter malware targets at least 500K networking devices worldwide
</h3>
<div class='post-header'>
<div class='post-header-line-1'></div>
</div>
<div class='post-body entry-content' id='post-body-8747922687130206090' itemprop='articleBody'>
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-1OGddXBBf1s/WwTyd0k3szI/AAAAAAAAAgs/82oB9Lftark-aUd7aYp5WnpNcfiAvxKjwCLcBGAs/s1600/image2.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="381" data-original-width="1200" height="202" src="https://3.bp.blogspot.com/-1OGddXBBf1s/WwTyd0k3szI/AAAAAAAAAgs/82oB9Lftark-aUd7aYp5WnpNcfiAvxKjwCLcBGAs/s640/image2.jpg" width="640" /></a></div>
<span style="color: red; font-size: 16px; font-weight: bold;"><br /></span>
<br />
<h2>
Intro</h2>
For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor's widespread use of a sophisticated modular malware system we call "VPNFilter." We have not completed our research, but recent events have convinced us that the correct way forward is to now share our findings so that affected parties can take the appropriate action to defend themselves. In particular, the code of this malware overlaps with versions of the BlackEnergy malware &#8212; which was responsible for multiple large-scale attacks that targeted devices in Ukraine. While this isn't definitive by any means, we have also observed VPNFilter, a potentially destructive malware, actively infecting Ukrainian hosts at an alarming rate, utilizing a command and control (C2) infrastructure dedicated to that country. Weighing these factors together, we felt it was best to publish our findings so far prior to completing our research. Publishing early means that we don't yet have all the answers &#8212; we may not even have all the questions &#8212; so this blog represents our findings as of today, and we will update our findings as we continue our investigation.<br />
<br />
Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.<br />
<br />
The types of devices targeted by this actor are difficult to defend. They are frequently on the perimeter of the network, with no intrusion protection system (IPS) in place, and typically do not have an available host-based protection system such as an anti-virus (AV) package. We are unsure of the particular exploit used in any given case, but most devices targeted, particularly in older versions, have known public exploits or default credentials that make compromise relatively straightforward. All of this has contributed to the quiet growth of this threat since at least 2016.<br />
<br />
This post provides the technical findings you would normally see in a Talos blog. In addition, we will detail some thoughts on the tradecraft behind this threat, using our findings and the background of our analysts, to discuss the possible thought process and decisions made by the actor. We will also discuss how to defend against this threat and how to handle a device that may be infected. Finally, we will share the IOCs that we have observed to this point, although we are confident there are more that we have not seen.<br />
<br />
<a name='more'></a><h3>
Brief technical breakdown</h3>
<br />
<br />
The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations.<br />
<br />
The stage 1 malware persists through a reboot, which sets it apart from most other malware that targets internet-of-things devices because malware normally does not survive a reboot of the device. The main purpose of stage 1 is to gain a persistent foothold and enable the deployment of the stage 2 malware. Stage 1 utilizes multiple redundant command and control (C2) mechanisms to discover the IP address of the current stage 2 deployment server, making this malware extremely robust and capable of dealing with unpredictable C2 infrastructure changes.<br />
<br />
The stage 2 malware, which does not persist through a reboot, possesses capabilities that we have come to expect in a workhorse intelligence-collection platform, such as file collection, command execution, data exfiltration and device management. However, some versions of stage 2 also possess a self-destruct capability that overwrites a critical portion of the device's firmware and reboots the device, rendering it unusable. Based on the actor's demonstrated knowledge of these devices, and the existing capability in some stage 2 versions, we assess with high confidence that the actor could deploy this self-destruct command to most devices that it controls, regardless of whether the command is built into the stage 2 malware.<br />
<br />
In addition, there are multiple stage 3 modules that serve as plugins for the stage 2 malware. These plugins provide stage 2 with additional functionality. As of this writing, we are aware of two plugin modules: a packet sniffer for collecting traffic that passes through the device, including theft of website credentials and monitoring of Modbus SCADA protocols, and a communications module that allows stage 2 to communicate over Tor. We assess with high confidence that several other plugin modules exist, but we have yet to discover them.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-IvGAKgTghuk/WwT1mTgI31I/AAAAAAAAAhE/TaZFBk8b-Jwyv0cYS6uITcWdNjq3V8jZQCLcBGAs/s1600/image5.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1067" data-original-width="1459" height="468" src="https://4.bp.blogspot.com/-IvGAKgTghuk/WwT1mTgI31I/AAAAAAAAAhE/TaZFBk8b-Jwyv0cYS6uITcWdNjq3V8jZQCLcBGAs/s640/image5.jpg" width="640" /></a></div>
<span style="color: red; font-size: 16px; font-weight: bold;"><br /></span>
<br />
<h3>
Tradecraft discussion</h3>
<br />
<br />
We assess with high confidence that this malware is used to create an expansive, hard-to-attribute infrastructure that can be used to serve multiple operational needs of the threat actor. Since the affected devices are legitimately owned by businesses or individuals, malicious activity conducted from infected devices could be mistakenly attributed to those who were actually victims of the actor. The capabilities built into the various stages and plugins of the malware are extremely versatile and would enable the actor to take advantage of devices in multiple ways.<br />
<br />
Advanced threat actors, including nation-states, will try to make attribution of their cyber activities extremely difficult, unless it is in their interest for it to be openly known that they conducted a specific act. To this end, advanced threat actors use multiple techniques, including co-opting infrastructure owned by someone else to conduct their operations. The actor could easily use devices infected with this malware as hop points before connecting to their final victim in order to obfuscate their true point of origin.<br />
<br />
The malware can also be leveraged to collect data that flows through the device. This could be for straightforward data-collection purposes, or to assess the potential value of the network that the device serves. If the network was deemed as having information of potential interest to the threat actor, they may choose to continue collecting content that passes through the device or to propagate into the connected network for data collection. At the time of this posting, we have not been able to acquire a third-stage plugin that would enable further exploitation of the network served by the device. However, we have seen indications that it does exist, and we assess that it is highly likely that such an advanced actor would naturally include that capability in malware that is this modular.<br />
<br />
Finally, this malware could be used to conduct a large-scale destructive attack by using the "kill" command, which would render some or all of the physical devices unusable. This command is present in many of the stage 2 samples we've observed, but could also be triggered by utilizing the "exec" command available in all stage 2 samples. In most cases, this action is unrecoverable by most victims, requiring technical capabilities, know-how, or tools that no consumer should be expected to have. We are deeply concerned about this capability, and it is one of the driving reasons we have been quietly researching this threat over the past few months.<br />
<br />
<h3>
Observed activities of concern</h3>
<br />
<br />
As we have researched this threat, we have put into place monitoring and scanning to gain an understanding of the scope of this threat and the behaviors of infected devices. Our analysis has shown that this is a global, broadly deployed threat that is actively seeking to increase its footprint. While our research continues, we have also observed activity potentially associated with this actor that indicates possible data exfiltration activity.<br />
<br />
In early May, we observed infected devices conducting TCP scans on ports 23, 80, 2000 and 8080. These ports are indicative of scanning for additional MikroTik and QNAP NAS devices, which can be found using these ports. These scans targeted devices in more than 100 countries.<br />
<br />
We also used our telemetry to discover potentially infected devices globally. We evaluated their collective behavior to try and identify additional features of the C2 infrastructure. Many of these victim IPs appeared to demonstrate behavior that strongly indicated data exfiltration.<br />
<br />
Finally, on May 8, we observed a sharp spike in VPNFilter infection activity. Almost all of the newly acquired victims were located in Ukraine. Also of note, a majority of Ukrainian infections shared a separate stage 2 C2 infrastructure from the rest of the world, on IP 46.151.209[.]33. By this point, we were aware of the code overlap between BlackEnergy and VPNFilter and that the timing of previous attacks in Ukraine suggested that an attack could be imminent. Given each of these factors, and in consultation with our partners, we immediately began the process to go public before completing our research.<br />
<br />
As we continued to move forward with the public disclosure, we observed another substantial increase in newly acquired VPNFilter victims focused in Ukraine on May 17. This continued to drive our decision to publish our research as soon as possible.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/-5XzNgdjggXc/WwT1t4aZPPI/AAAAAAAAAhI/lkD4GBHPwK4CKoyUTBOV8rB6stqI_fwpwCLcBGAs/s1600/image4.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="662" data-original-width="1065" height="396" src="https://1.bp.blogspot.com/-5XzNgdjggXc/WwT1t4aZPPI/AAAAAAAAAhI/lkD4GBHPwK4CKoyUTBOV8rB6stqI_fwpwCLcBGAs/s640/image4.png" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small; text-align: start;">Diagram 1. New observed VPNFilter infections over time</span></td></tr>
</tbody></table>
<br />
<h3>
Defending against this threat</h3>
<br />
<br />
Defending against this threat is extremely difficult due to the nature of the affected devices. The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers. This challenge is augmented by the fact that most of the affected devices have publicly known vulnerabilities which are not convenient for the average user to patch. Additionally, most have no built-in anti-malware capabilities. These three facts together make this threat extremely hard to counter, resulting in extremely limited opportunities to interdict malware, remove vulnerabilities, or block threats.<br />
<br />
Despite these challenges, Talos has released protections for this threat from multiple angles, to try to take advantage of the limited options that exist. We developed and deployed more than 100 Snort signatures for the publicly known vulnerabilities for the devices that are associated with this threat. These rules have been deployed in the public Snort set, and can be used by anyone to help defend their devices. In addition, we have done the usual blocklisting of domains/IPs as appropriate and convicting of the hashes associated with this threat to cover those who are protected by the Cisco Security ecosystem. We have reached out to Linksys, MikroTik, NETGEAR, TP-Link and QNAP regarding this issue. (Note: QNAP has been aware of certain aspects of VPNFilter and has previously done work to counter the threat.) Finally, we have also shared these indicators and our research with international law enforcement and our fellow members of the <a href="https://www.cyberthreatalliance.org/">Cyber Threat Alliance</a> in advance of this publication so they could move quickly to help counter this threat more broadly.<br />
<br />
<h3>
Recommendations</h3>
<br />
<br />
We recommend that:<br />
<br />
<ul>
<li>
Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware. </li>
<li>
Internet service providers that provide SOHO routers to their users reboot the routers on their customers' behalf. </li>
<li>
If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.</li>
<li>
ISPs work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.</li>
</ul>
<br />
<br />
Due to the potential for destructive action by the threat actor, we recommend out of an abundance of caution that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.<br />
<br />
<h3>
Multi-Stage Technical Details</h3>
<br />
<br />
<h4>
Exploitation</h4>
<br />
<br />
At the time of this publication, we do not have definitive proof on how the threat actor is exploiting the affected devices. However, all of the affected makes/models that we have uncovered had well-known, public vulnerabilities. Since advanced threat actors tend to only use the minimum resources necessary to accomplish their goals, we assess with high confidence that VPNFilter required no zero-day exploitation techniques.<br />
<br />
<h4>
Stage 1 (persistent loader)</h4>
<br />
<br />
VPNFilter's stage 1 malware infects devices running firmware based on Busybox and Linux, and is compiled for several CPU architectures. The main purpose of these first-stage binaries is to locate a server providing a more fully featured second stage, and to download and maintain persistence for this next stage on infected devices. It is capable of modifying non-volatile configuration memory (NVRAM) values and adds itself to crontab, the Linux job scheduler, to achieve persistence. This is a departure from previous IoT malware, like Mirai, which is ephemeral and disappears with a simple device reboot. <br />
<br />
Talos analyzed samples for MIPS and x86 processors. The C2 communication and additional malware downloads occur over Tor or SSL-encrypted connections. While the binaries themselves are not obfuscated beyond being stripped, some strings are stored in an encrypted form, and are only decrypted at runtime. The decryption routine looked suspiciously similar to RC4 in the static analysis, but it looks like the malware authors got the initialization of the S-boxes wrong. During the permutation step, values are XOR&#8217;d, but not swapped. Analysis of this RC4 implementation shows that it is identical to the implementation used in BlackEnergy, which is&nbsp;<a href="https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf">believed by law enforcement agencies to originate with a state actor.</a><br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-6WjeSR1zw6o/WwT16Bkvr7I/AAAAAAAAAhQ/a3-fhs7V2hE4uOcg5c6WF-iozv2zFA7WQCLcBGAs/s1600/image3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="579" data-original-width="543" height="640" src="https://4.bp.blogspot.com/-6WjeSR1zw6o/WwT16Bkvr7I/AAAAAAAAAhQ/a3-fhs7V2hE4uOcg5c6WF-iozv2zFA7WQCLcBGAs/s640/image3.png" width="600" /></a></div>
<span style="color: red; font-size: 16px; font-weight: bold;"><br /></span>
<br />
The RC4 initialization XORs the values in the permutation phase of the internal state initialization. As you can see in the last basic block, the code doesn't swap the values of S[i] and S[j] (compared to the RC4 pseudo code below). <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-jX5UWqKOnMw/WwT2AvCFgFI/AAAAAAAAAhY/I_eOmL18YNAmOoK_R5oUCdv87sWGKLRVwCLcBGAs/s1600/image1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="152" data-original-width="408" height="148" src="https://3.bp.blogspot.com/-jX5UWqKOnMw/WwT2AvCFgFI/AAAAAAAAAhY/I_eOmL18YNAmOoK_R5oUCdv87sWGKLRVwCLcBGAs/s400/image1.png" width="400" /></a></div>
<br />
<br />
Once the malware has completed initialization, it starts to download pages from the seed URLs. In the MIPS sample cache and all but one URL of the x86 sample, the URLs pointed to Photobucket.com, an image-sharing host. The malware downloads the first image from the gallery the URL is referencing, and then proceeds to extract the download server's IP address. The IP address is extracted from six integer values for GPS latitude and longitude in the EXIF information.<br />
<br />
If stage 1 fails to connect to, download an image from, or successfully acquire an IP address via an image from Photobucket, the malware reaches out to a backup domain, toknowall[.]com, to download an image and attempt the same process.<br />
<br />
If the attempt to the backup domain fails, stage 1 opens a listener that waits for a specific trigger packet to open a connection for the actor to connect interactively to the device. When the listener opens, it checks its public IP from api.ipify[.]org and stores it for later comparison. Then, when any packet arrives on any port, the listener performs a series of checks to identify a trigger packet. If the packet meets a predefined set of criteria, it will extract an IP address from the packet and attempt a stage 2 download.<br />
<br />
<h4>
Listener actions:</h4>
<ol>
<li>
Inspects all TCP/IPv4 packets with a SYN flag set</li>
<li>
Checks that the destination IP matches what it found when the listener opened (Note: if the listener failed to get an IP from api.ipify[.]org it will skip this check)</li>
<li>
Makes sure the packet has eight or more bytes</li>
<li>
Scans the data for the bytes \x0c\x15\x22\x2b</li>
<li>
The bytes directly after that 4-byte marker are interpreted as an IP, so \x01\x02\x03\x04 becomes 1.2.3[.]4</li>
<li>
Calls out to the newly received IP as usual for stage 2</li>
<li>
Confirms that stage 2 is at least 1,001 bytes (Note: this is much smaller than the other callout methods which require the stage 2 to be 100,000 or more)</li>
</ol>
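A defender-side reading of the listener checks above, as an added example (not Talos's code and not the malware's): it applies the listed tests to raw IPv4 packets, such as those read from a capture at the network edge, and reports the address embedded after the marker. It assumes the eight-byte minimum applies to the TCP payload; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from typing import List, Optional, Tuple

MARKER = b"\x0c\x15\x22\x2b"   # 4-byte marker from the listener description
TCP_SYN = 0x02


def find_trigger(packet: bytes, listener_ip: Optional[str] = None) -> Optional[str]:
    """Return the IP embedded after the marker if `packet` (raw IPv4 bytes)
    passes the listener's checks, otherwise None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                          # not IPv4 carrying TCP
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total < ihl + 20 or total > len(packet):
        return None                          # truncated or malformed headers
    packet = packet[:total]                  # drop link-layer padding
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    # The destination check is skipped when the public IP lookup failed.
    if listener_ip is not None and dst != listener_ip:
        return None
    tcp = packet[ihl:]
    if not tcp[13] & TCP_SYN:
        return None
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp):
        return None
    payload = tcp[data_offset:]
    if len(payload) < 8:                     # assumption: minimum is on the payload
        return None
    pos = payload.find(MARKER)
    if pos < 0 or pos + 8 > len(payload):    # marker absent or address cut off
        return None
    return str(ipaddress.IPv4Address(payload[pos + 4:pos + 8]))


def scan_capture(packets: List[bytes], listener_ip: Optional[str] = None) -> List[Tuple[int, str]]:
    """Return (packet index, embedded IP) for every packet that matches."""
    hits = []
    for index, packet in enumerate(packets):
        embedded = find_trigger(packet, listener_ip)
        if embedded is not None:
            hits.append((index, embedded))
    return hits


def constructed_packet(src: str, dst: str, flags: int, payload: bytes) -> bytes:
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp


# Constructed samples using documentation address ranges; the embedded
# address 1.2.3.4 is the one used in the list above.
EDGE_IP = "203.0.113.10"
SAMPLE_PACKETS = [
    constructed_packet("198.51.100.7", EDGE_IP, 0x02, b"\x00\x00" + MARKER + b"\x01\x02\x03\x04"),
    constructed_packet("198.51.100.7", EDGE_IP, 0x10, b"\x00\x00" + MARKER + b"\x01\x02\x03\x04"),  # ACK only
    constructed_packet("198.51.100.7", EDGE_IP, 0x02, MARKER + b"\x01\x02"),                      # under 8 bytes
    constructed_packet("198.51.100.7", EDGE_IP, 0x02, b"AAAAA" + MARKER + b"\x01\x02"),           # address cut off
    constructed_packet("198.51.100.7", EDGE_IP, 0x02, b""),                                       # ordinary SYN
]

if __name__ == "__main__":
    for index, embedded in scan_capture(SAMPLE_PACKETS, EDGE_IP):
        print(f"packet {index}: SYN payload carries marker, embedded IP {embedded}")
```

Ordinary SYN packets rarely carry any payload, so a SYN with data that contains this marker stands out in edge captures.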
<br />
<br />
<h4>
Stage 2 (non-persistent)</h4>
<br />
<br />
The stage 2 malware first sets up the working environment by creating a modules folder (/var/run/vpnfilterm) and a working directory (/var/run/vpnfilterw). Afterward, it runs in a loop, where it first reaches out to a C2 server and then executes commands retrieved from the C2. The command names are encrypted with the same broken RC4 function as in stage 1. Fortunately, older versions of the x86 stage 2 sample were very verbose and debug-printed all the steps they performed. Newer versions of the x86 stage 2 did not contain the debug prints, nor did the MIPS sample.<br />
<br />
The x86 sample can perform the following operations:<br />
<br />
<ul>
<li>
kill: Overwrites the first 5,000 bytes of /dev/mtdblock0 with zeros, and reboots the device (effectively bricking it).</li>
<li>
exec: Executes a shell command or plugin.</li>
<li>
tor: Sets the Tor configuration flag (0 or 1).</li>
<li>
copy: Copies a file from the client to the server.</li>
<li>
seturl: Sets the URL of the current configuration panel.</li>
<li>
proxy: Sets the current proxy URL.</li>
<li>
port: Sets the current proxy port.</li>
<li>
delay: Sets the delay between main loop executions.</li>
<li>
reboot: Reboots the device if it has been up for more than 256 seconds, and the build name is specified in the parameter.</li>
<li>
download: Downloads a URL to a file. This can be applied to all devices or just a certain build name.</li>
</ul>
<br />
<br />
The MIPS sample has the following additional operations:<br />
<br />
<ul>
<li>
stop: Terminate the malware process.</li>
<li>
relay: A misspelled version of the `delay` command from the x86 version.</li>
</ul>
<br />
<br />
Until the Tor module is installed, stage 2 will use one or more IPs stored in its configuration as SOCKS5 proxies to Tor and attempt to communicate with a control panel also found in its configuration. Like in stage 1, the communication between the malware and the proxy will connect over a verified SSL connection. When the Tor module is installed, it will connect to .onion domains through the local SOCKS5 proxy provided by the module over plain HTTP instead. We used a fake SOCKS5 proxy, which redirects all traffic to INetSim for analysis.<br />
<br />
An example request from the malware to the server:<br />
<br />
<pre>{
  "uq":"px(01:02:03:04:05:06)",
  "pv":"pPRXi686QNAPX86",
  "ad":"10.0.0.1",
  "bv":"0.11.1a/0.3.9qa",
  "nn":"YnVpbGRyb290",
  "tn":"",
  "on":"1"
}</pre>
<br />
The malware encodes this request into a JSON object, which is then base64-encoded and sent to the path /bin32/update.php in the HTTP POST parameter "me". The user agent used in the request is peculiar (Mozilla/6.1 (compatible; MSIE 9.0; Windows NT 5.3; Trident/5.0)), as a version "Windows NT 5.3" doesn't exist.<br />
<br />
<ul>
<li>
uq: A unique ID for the infected device (the MAC address of the malware's network interface).</li>
<li>
pv: The platform version the malware is running on</li>
<li>
ad: The public IP address of the malware's device</li>
<li>
bv: Version of the stage 1 loader (0.3.9qa) and the stage 2 binary (0.11.1a)</li>
<li>
nn: The node name</li>
<li>
tn: The Tor flag</li>
<li>
on: The onion flag</li>
</ul>
<br />
<br />
The server's response to the message:<br />
<br />
<pre>{
  "tr":3060,
  "pxs":["217.12.202.40","94.242.222.68","91.121.109.209"],
  "tor":"tor 1",
  "mds":[]
}</pre>
<br />
<ul>
<li>
tr: Sets the delay for the main loop.</li>
<li>
pxs: List of panels to connect to. These are the C2 servers.</li>
<li>
tor: Sets the name and version of the Tor module.</li>
<li>
mds: A list of modules to fetch. Each entry is in the format "&lt;command_id&gt; &lt;module_id&gt; &lt;module_name&gt; &lt;module_args (base64-encoded)&gt;". The malware will download the module from /bin32/update.php by setting the POST form parameter me to the module name with the architecture appended, e.g., tor_i686 for the Tor module, and execute it in each iteration. A blank list of commands (as in the example response above) will clear any existing commands by deactivating them and killing any running processes associated with them.</li>
</ul>
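The request format described above gives three independent network indicators: the POST path, the nonexistent "Windows NT 5.3" user agent, and a "me" form field that base64-decodes to JSON with the seven listed keys. The following added example (not Talos's code) checks decrypted proxy or sensor records for them; the function names, the record layout and the sample records are constructed for illustration, with the first sample built from the example request above.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

BEACON_PATH = "/bin32/update.php"
BOGUS_UA_TOKEN = "Windows NT 5.3"          # no such Windows version exists
BEACON_KEYS = {"uq", "pv", "ad", "bv", "nn", "tn", "on"}


def decode_me(body):
    """Return the check-in dict carried in the form field "me", or None."""
    for value in parse_qs(body, keep_blank_values=True).get("me", []):
        try:
            # A raw "+" in an unescaped form body is parsed as a space.
            raw = base64.b64decode(value.replace(" ", "+"), validate=True)
            obj = json.loads(raw)
        except ValueError:                 # bad base64, bad UTF-8 or bad JSON
            continue
        if isinstance(obj, dict) and BEACON_KEYS.issubset(obj):
            return obj
    return None


def inspect_request(method, path, user_agent, body):
    """Collect the indicators present in one HTTP request record."""
    indicators = []
    if method.upper() == "POST" and path.split("?", 1)[0] == BEACON_PATH:
        indicators.append("path")
    if BOGUS_UA_TOKEN in user_agent:
        indicators.append("user-agent")
    beacon = decode_me(body)
    node_name = None
    if beacon is not None:
        indicators.append("check-in-json")
        try:
            # In the example request the "nn" value is itself valid base64.
            node_name = base64.b64decode(str(beacon["nn"]), validate=True).decode("utf-8")
        except ValueError:
            node_name = None
    return {"indicators": indicators, "beacon": beacon, "node_name": node_name}


# Constructed sample records: (method, path, user agent, request body).
PAGE_EXAMPLE = {
    "uq": "px(01:02:03:04:05:06)", "pv": "pPRXi686QNAPX86", "ad": "10.0.0.1",
    "bv": "0.11.1a/0.3.9qa", "nn": "YnVpbGRyb290", "tn": "", "on": "1",
}
PAGE_UA = "Mozilla/6.1 (compatible; MSIE 9.0; Windows NT 5.3; Trident/5.0)"
SAMPLE_REQUESTS = [
    # Check-in: JSON object, base64-encoded, sent as form field "me".
    ("POST", BEACON_PATH, PAGE_UA,
     urlencode({"me": base64.b64encode(json.dumps(PAGE_EXAMPLE).encode()).decode()})),
    # Module fetch: "me" holds a module name, so it does not decode to JSON.
    ("POST", BEACON_PATH, PAGE_UA, "me=tor_i686"),
    # Unrelated traffic that happens to use a field called "me".
    ("POST", "/login", "Mozilla/5.0 (X11; Linux x86_64)", "user=alice&me=hello"),
]

if __name__ == "__main__":
    for record in SAMPLE_REQUESTS:
        result = inspect_request(*record)
        print(record[1], result["indicators"], result["node_name"])
```

Because the post describes this traffic as carried over SSL or Tor, these checks apply where the request is visible in clear text, such as an analysis sandbox or an inspecting proxy.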
<br />
<br />
<h4>
Stage 3 (non-persistent)</h4>
<br />
<br />
We have analyzed two plugin modules for the malware, a packet sniffer and a communication plugin that allows the malware to communicate over Tor. We assess with high confidence that there are likely several more that we have not yet discovered. Among the initial samples Talos acquired, there was a plugin for the MIPS stage 2, which is a packet sniffer. It intercepts all network traffic through a raw socket and looks for strings used in HTTP basic authentication. Further, it specifically tracks Modbus TCP/IP packets. The resulting log file is placed in the stage 2 working directory, /var/run/vpnfilterw. This allows the attackers to understand, capture, and track the traffic flowing through the device.<br />
<br />
The Tor plugin module is partially linked into stage 2, but has a separate Tor executable, which is downloaded to /var/run/tor and run in a process separate from stage 2. The Tor binary looks like the standard Tor client, in the form of a statically linked and stripped binary. It creates a configuration file in /var/run/torrc and a working directory in /var/run/tord.<br />
<br />
<h2>
Conclusion </h2>
<br />
<br />
VPNFilter is an expansive, robust, highly capable, and dangerous threat that targets devices that are challenging to defend. Its highly modular framework allows for rapid changes to the actor's operational infrastructure, serving their goals of misattribution, intelligence collection, and finding a platform to conduct attacks. <br />
<br />
The destructive capability particularly concerns us. This shows that the actor is willing to burn users' devices to cover up their tracks, going much further than simply removing traces of the malware. If it suited their goals, this command could be executed on a broad scale, potentially rendering hundreds of thousands of devices unusable, disabling internet access for hundreds of thousands of victims worldwide or in a focused region where it suited the actor's purposes.<br />
<br />
While the threat to IoT devices is nothing new, the fact that these devices are being used by advanced nation-state actors to conduct cyber operations, which could potentially result in the destruction of the device, has greatly increased the urgency of dealing with this issue. We call on the entire security community to join us in aggressively countering this threat.<br />
<br />
We will continue to monitor VPNFilter and work with our partners to understand the threat as it continues to evolve in order to ensure that our customers remain protected and the public is informed.<br />
<br />
<h3>
IOCs</h3>
<br />
<br />
As stated previously, we highly suspect that there are additional IOCs and versions of this malware that we are not currently aware of. The following list of IOCs comprises what we know as of this date.<br />
<br />
<h3>
Known C2 Domains and IPs</h3>
<br />
<br />
<h4>
Associated with the 1st Stage</h4>
<br />
<br />
<h4>
Associated with the 2nd Stage</h4>
<br />
<br />
<h3>
Known File Hashes</h3>
<br />
<br />
<h4>
1st Stage Malware</h4>
<br />
50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec<br />
0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92<br />
<br />
<h4>
2nd Stage Malware</h4>
<br />
<br />
<h4>
3rd Stage Plugins </h4>
<br />
f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344<br />
afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719<br />
<br />
<h4>
Self-Signed Certificate Fingerprints</h4>
<br />
<h3>
Known Affected Devices</h3>
<br />
<br />
The following devices are known to be affected by this threat. Based on the scale of this research, many of our observations are remote and not on the device, so it is difficult to determine specific version numbers and models in many cases. It should be noted that all of these devices have publicly known vulnerabilities associated with them.<br />
<br />
Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected.<br />
<br />
<h4>
Linksys Devices:</h4>
<br />
E1200<br />
E2500<br />
WRVS4400N<br />
<br />
<h4>
Mikrotik RouterOS Versions for Cloud Core Routers:</h4>
<br />
1016<br />
1036<br />
1072<br />
<br />
<h4>
Netgear Devices:</h4>
<br />
DGN2200<br />
R6400<br />
R7000<br />
R8000<br />
WNR1000<br />
WNR2000<br />
<br />
<h4>
QNAP Devices:</h4>
<br />
TS251<br />
TS439 Pro<br />
Other QNAP NAS devices running QTS software<br />
<br />
<h4>
TP-Link Devices:</h4>
<br />
R600VPN<br />
<br />
<h2>
Coverage</h2>
<br />
Cisco customers are protected from this threat by Cisco Advanced Malware Protection (AMP), Cloud Web Security (CWS), Network Security, ThreatGrid, Umbrella, and Web Security Appliance (WSA).  Additionally, StealthWatch and StealthWatch Cloud can be utilized to find devices communicating with the known C2 IP addresses and domains.<br />
<br />
In StealthWatch, two items need to be configured to send an alert that there are communications to nefarious IP addresses. <br />
<br />
<ul>
<li>
The first step is to create a new Host Group named "VPNFilter C2" under Outside Hosts using the Java user interface.  </li>
<li>
Once this is created, you will likely want to validate that there are no active communications presently occurring.  </li>
<li>
This validation can be achieved by right-clicking on the recently created "VPNFilter C2" Host Group and navigating to Top -&gt; Conversations -&gt; Total.  </li>
<li>
Once you are viewing these top conversations, you will easily be able to see if there is active traffic.  </li>
<li>
In the event that there is no active traffic, an alarm can be created to generate alerts in the event that traffic to or from any of the "VPNFilter C2" hosts is observed.  </li>
<li>
This alarm can be configured by creating a custom event and selecting the appropriate hosts or objects in the web user interface.</li>
</ul>
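The same check (a "VPNFilter C2" host group, then top conversations by total traffic, then an alert on any match) can be run over exported flow records where StealthWatch is not available. This is an added example, not a StealthWatch feature or Cisco code; the record fields src, dst and bytes and all sample addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict


def refang(indicator):
    """Turn a defanged indicator such as '203.0.113[.]10' back into plain form."""
    return indicator.strip().replace("[.]", ".")


def build_host_group(indicators):
    """Build the host group of C2 IP addresses from a defanged IOC list.

    Returns (group, skipped). Entries that are not IP addresses (domains,
    .onion names) are returned in `skipped`; they need DNS or proxy logs.
    """
    group, skipped = set(), []
    for raw in indicators:
        host = refang(raw).split("/", 1)[0]  # drop any URL path
        try:
            group.add(ipaddress.ip_address(host))
        except ValueError:
            skipped.append(raw)
    return frozenset(group), skipped


def top_conversations(flows, host_group):
    """Aggregate flows to or from the host group, ranked by total bytes."""
    totals = defaultdict(lambda: [0, 0])  # (inside, c2) -> [bytes, flow count]
    for flow in flows:
        src = ipaddress.ip_address(flow["src"])
        dst = ipaddress.ip_address(flow["dst"])
        if dst in host_group and src not in host_group:
            pair = (str(src), str(dst))
        elif src in host_group and dst not in host_group:
            pair = (str(dst), str(src))  # return traffic counts toward the same pair
        else:
            continue
        totals[pair][0] += flow["bytes"]
        totals[pair][1] += 1
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][0], kv[0]))
    return [
        {"inside": inside, "c2": c2, "total_bytes": total, "flows": count}
        for (inside, c2), (total, count) in ranked
    ]


# Constructed sample data: documentation-range addresses, not real indicators.
SAMPLE_INDICATORS = [
    "203.0.113[.]10",
    "198.51.100[.]7",
    "c2-placeholder[.]example/bin32/update.php",
]
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "bytes": 1200},
    {"src": "203.0.113.10", "dst": "10.0.0.5", "bytes": 300},
    {"src": "10.0.0.9", "dst": "198.51.100.7", "bytes": 5000},
    {"src": "10.0.0.5", "dst": "192.0.2.53", "bytes": 999},
]

if __name__ == "__main__":
    c2_group, not_ip = build_host_group(SAMPLE_INDICATORS)
    hits = top_conversations(SAMPLE_FLOWS, c2_group)
    for hit in hits:
        print(hit)
    if hits:
        print("ALERT: traffic to or from the C2 host group observed")
    print("needs DNS/proxy matching:", not_ip)
```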
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-_ogPmjz76jU/WNV3hnWGDuI/AAAAAAAAALo/eomUxs4Xgg8HjpgVutgDiFovJk_pqBAmACPcBGAYYCw/s1600/no-email-security.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1194" data-original-width="1600" height="238" src="https://4.bp.blogspot.com/-_ogPmjz76jU/WNV3hnWGDuI/AAAAAAAAALo/eomUxs4Xgg8HjpgVutgDiFovJk_pqBAmACPcBGAYYCw/s320/no-email-security.png" width="320" /></a></div>
<br />
<br />
<br />
<h4>
VPNFilter specific Snort detection:</h4>
<br />
<br />
45563 45564 46782 46783<br />
<br />
<h4>
Snort rules that protect against known vulnerabilities in affected devices:</h4>
<br />
<br />
25589 26276 26277 26278 26279 29830 29831 44743 46080 46081 46082 46083 46084 46085 46086 46287 46121 46122 46123 46124 41445 44971 46297 46298 46299 46300 46301 46305 46306 46307 46308 46309 46310 46315 46335 46340 46341 46342 46376 46377 37963 45555 46076 40063 44643 44790 26275 35734 41095 41096 41504 41698 41699 41700 41748 41749 41750 41751 44687 44688 44698 44699 45001 46312 46313 46314 46317 46318 46322 46323 40866 40907 45157<br />
<br />
<h4>
ClamAV Signatures:</h4>
<br />
Unix.Trojan.Vpnfilter-6425811-0<br />
Unix.Trojan.Vpnfilter-6425812-0<br />
Unix.Trojan.Vpnfilter-6550590-0<br />
Unix.Trojan.Vpnfilter-6550591-0<br />
Unix.Trojan.Vpnfilter-6550592-0</div>
<div style='clear: both;'></div>
</div>
<div class='post-footer'>
<div class='post-footer-line post-footer-line-1'>
<span class='post-author vcard'>
Posted by
<span class='fn' itemprop='author' itemscope='itemscope' itemtype='https://schema.org/Person'>
<meta content='https://www.blogger.com/profile/12206979422726316011' itemprop='url'/>
<a class='g-profile' href='https://www.blogger.com/profile/12206979422726316011' rel='author' title='author profile'>
<span itemprop='name'>William Largent</span>
</a>
</span>
</span>
<span class='post-timestamp'>
at
<meta content='http://blog.talosintelligence.com/2018/05/VPNFilter.html' itemprop='url'/>
<a class='timestamp-link' href='https://blog.talosintelligence.com/2018/05/VPNFilter.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2018-05-23T09:00:00-04:00'>9:00 AM</abbr></a>
</span>
</div>
<div class='post-footer-line post-footer-line-2'>
<span class='post-labels'>
Labels:
<a href='https://blog.talosintelligence.com/search/label/AMP' rel='tag'>AMP</a>,
<a href='https://blog.talosintelligence.com/search/label/ClamAV' rel='tag'>ClamAV</a>,
<a href='https://blog.talosintelligence.com/search/label/IoT' rel='tag'>IoT</a>,
<a href='https://blog.talosintelligence.com/search/label/Snort%20Rules' rel='tag'>Snort Rules</a>,
<a href='https://blog.talosintelligence.com/search/label/Talos' rel='tag'>Talos</a>,
<a href='https://blog.talosintelligence.com/search/label/threat%20intelligence' rel='tag'>threat intelligence</a>,
<a href='https://blog.talosintelligence.com/search/label/Threat%20Research' rel='tag'>Threat Research</a>,
<a href='https://blog.talosintelligence.com/search/label/VPNFilter' rel='tag'>VPNFilter</a>
</span>
</div>
</div>
</div>
<div class='comments' id='comments'>
<a name='comments'></a>
<h4>9 comments:</h4>
<div class='comments-content'>
<div id='comment-holder'>
<div class="comment-thread toplevel-thread"><ol id="top-ra"><li class="comment" id="c7444373737057099334"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/09952491432165225050" rel="nofollow">Unknown</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1527094545305#c7444373737057099334">May 23, 2018 at 12:55 PM</a></span></div><p class="comment-content">I&#39;ve always wondered why there isn&#39;t anti-malware available for every IOT device. Security by obscurity isn&#39;t security.</p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="7444373737057099334">Reply</a><span class="item-control blog-admin blog-admin pid-389467741"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=7444373737057099334">Delete</a></span></span></div><div class="comment-replies"><div id="c7444373737057099334-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c7444373737057099334-ra" class="thread-chrome thread-expanded"><div></div><div id="c7444373737057099334-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="7444373737057099334">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c7444373737057099334-ce"></div></li><li class="comment" id="c7387233140005989877"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user">Anonymous</cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" 
href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1527101793875#c7387233140005989877">May 23, 2018 at 2:56 PM</a></span></div><p class="comment-content">The trouble with home gateway devices is that as they are the final step on the way out the door, there is nowhere to monitor traffic to them. And you can&#39;t really log into them to check on what&#39;s in cron.<br></p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="7387233140005989877">Reply</a><span class="item-control blog-admin blog-admin pid-1758273467"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=7387233140005989877">Delete</a></span></span></div><div class="comment-replies"><div id="c7387233140005989877-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c7387233140005989877-ra" class="thread-chrome thread-expanded"><div></div><div id="c7387233140005989877-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="7387233140005989877">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c7387233140005989877-ce"></div></li><li class="comment" id="c4092720956318772962"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/10849527781939298785" rel="nofollow">Malwheer</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1527103045419#c4092720956318772962">May 23, 2018 at 3:17 PM</a></span></div><p class="comment-content">Wow, this is a really serious issue and extremely hard to patch it given the nature of these consumer edge 
devices.</p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="4092720956318772962">Reply</a><span class="item-control blog-admin blog-admin pid-1475888550"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=4092720956318772962">Delete</a></span></span></div><div class="comment-replies"><div id="c4092720956318772962-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c4092720956318772962-ra" class="thread-chrome thread-expanded"><div></div><div id="c4092720956318772962-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="4092720956318772962">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c4092720956318772962-ce"></div></li><li class="comment" id="c7676835259250766191"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/09470747070700475448" rel="nofollow">Unknown</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1527121543107#c7676835259250766191">May 23, 2018 at 8:25 PM</a></span></div><p class="comment-content">Photobucket - should be removing all exif information upon upload, anyway. 
WTF</p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="7676835259250766191">Reply</a><span class="item-control blog-admin blog-admin pid-1433157746"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=7676835259250766191">Delete</a></span></span></div><div class="comment-replies"><div id="c7676835259250766191-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c7676835259250766191-ra" class="thread-chrome thread-expanded"><div></div><div id="c7676835259250766191-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="7676835259250766191">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c7676835259250766191-ce"></div></li><li class="comment" id="c1509047743290413752"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/16448680761608749611" rel="nofollow">Unknown</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1527149911494#c1509047743290413752">May 24, 2018 at 4:18 AM</a></span></div><p class="comment-content">Thank You for help!</p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="1509047743290413752">Reply</a><span class="item-control blog-admin blog-admin pid-385370024"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=1509047743290413752">Delete</a></span></span></div><div class="comment-replies"><div id="c1509047743290413752-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle 
thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c1509047743290413752-ra" class="thread-chrome thread-expanded"><div></div><div id="c1509047743290413752-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="1509047743290413752">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c1509047743290413752-ce"></div></li><li class="comment" id="c6609978007781622879"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/00690173010472449718" rel="nofollow">Michael Horowitz</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1528043887792#c6609978007781622879">June 3, 2018 at 12:38 PM</a></span></div><p class="comment-content">What does a factory reset of a router really do? Does it install new firmware from a read-only copy? If so, how old is this firmware? Or, does it simply reset the configuration options but make no changes to the installed firmware?  
</p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="6609978007781622879">Reply</a><span class="item-control blog-admin blog-admin pid-455183995"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=6609978007781622879">Delete</a></span></span></div><div class="comment-replies"><div id="c6609978007781622879-rt" class="comment-thread inline-thread"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c6609978007781622879-ra" class="thread-chrome thread-expanded"><div><li class="comment" id="c1601161233622838928"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/11062386211690429385" rel="nofollow">Craig Williams</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1528293843407#c1601161233622838928">June 6, 2018 at 10:04 AM</a></span></div><p class="comment-content">That&#39;s a great question for the router manufacturer since it&#39;s almost certain to be inconsistent across venders.  
</p><span class="comment-actions secondary-text"><span class="item-control blog-admin blog-admin pid-1912452414"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=1601161233622838928">Delete</a></span></span></div><div class="comment-replies"><div id="c1601161233622838928-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c1601161233622838928-ra" class="thread-chrome thread-expanded"><div></div><div id="c1601161233622838928-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="1601161233622838928">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c1601161233622838928-ce"></div></li></div><div id="c6609978007781622879-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="6609978007781622879">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c6609978007781622879-ce"></div></li><li class="comment" id="c8573255091088348225"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/15301198894244881394" rel="nofollow">Router Login</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1528105123028#c8573255091088348225">June 4, 2018 at 5:38 AM</a></span></div><p class="comment-content">Very interesting. 
I really like this post..<br><a href="http://storerouterservicesca.com/amped/" rel="nofollow">Amped router support</a></p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="8573255091088348225">Reply</a><span class="item-control blog-admin blog-admin pid-1139456788"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=8573255091088348225">Delete</a></span></span></div><div class="comment-replies"><div id="c8573255091088348225-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c8573255091088348225-ra" class="thread-chrome thread-expanded"><div></div><div id="c8573255091088348225-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="8573255091088348225">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c8573255091088348225-ce"></div></li><li class="comment" id="c5340463889494013322"><div class="avatar-image-container"><img src="" alt=""/></div><div class="comment-block"><div class="comment-header"><cite class="user"><a href="https://www.blogger.com/profile/16703672591806717748" rel="nofollow">doctor</a></cite><span class="icon user "></span><span class="datetime secondary-text"><a rel="nofollow" href="https://blog.talosintelligence.com/2018/05/VPNFilter.html?showComment=1528531008752#c5340463889494013322">June 9, 2018 at 3:56 AM</a></span></div><p class="comment-content">Love your work. 
Outsmart the bad guys!!<br>Respect</p><span class="comment-actions secondary-text"><a class="comment-reply" target="_self" data-comment-id="5340463889494013322">Reply</a><span class="item-control blog-admin blog-admin pid-448947274"><a target="_self" href="https://www.blogger.com/delete-comment.g?blogID=1029833275466591797&amp;postID=5340463889494013322">Delete</a></span></span></div><div class="comment-replies"><div id="c5340463889494013322-rt" class="comment-thread inline-thread hidden"><span class="thread-toggle thread-expanded"><span class="thread-arrow"></span><span class="thread-count"><a target="_self">Replies</a></span></span><ol id="c5340463889494013322-ra" class="thread-chrome thread-expanded"><div></div><div id="c5340463889494013322-continue" class="continue"><a class="comment-reply" target="_self" data-comment-id="5340463889494013322">Reply</a></div></ol></div></div><div class="comment-replybox-single" id="c5340463889494013322-ce"></div></li></ol><div id="top-continue" class="continue"><a class="comment-reply" target="_self">Add comment</a></div><div class="comment-replybox-thread" id="top-ce"></div><div class="loadmore hidden" data-post-id="8747922687130206090"><a target="_self">Load more...</a></div></div>
</div>
</div>
</div>
</div>

                      </div></div>
                    
</div>
</div></div>
</div>
<div id='sidebar-wrapper'>
<div class='sidebar section' id='sidebar'><div class='widget HTML' data-version='1' id='HTML1'>
</div><div class='widget HTML' data-version='1' id='HTML2'>
</div><div class='widget Subscribe' data-version='1' id='Subscribe1'>
</div><div class='widget BlogArchive' data-version='1' id='BlogArchive1'>
<h2>Blog Archive</h2>
<div class='widget-content'>
<div id='ArchiveList'>
<div id='BlogArchive1_ArchiveList'>
<ul class='hierarchy'>
<li class='archivedate expanded'>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/03/'>
March
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/02/'>
February
</a>
<span class='post-count' dir='ltr'>(14)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/01/'>
January
</a>
<span class='post-count' dir='ltr'>(18)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/'>
2011
</a>
<span class='post-count' dir='ltr'>(23)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/03/'>
March
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/02/'>
February
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/01/'>
January
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/'>
2010
</a>
<span class='post-count' dir='ltr'>(93)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/12/'>
December
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/11/'>
November
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/10/'>
October
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/09/'>
September
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/08/'>
August
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/07/'>
July
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/06/'>
June
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/05/'>
May
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/04/'>
April
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/03/'>
March
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/02/'>
February
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/01/'>
January
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/'>
2009
</a>
<span class='post-count' dir='ltr'>(146)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/12/'>
December
</a>
<span class='post-count' dir='ltr'>(14)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/11/'>
November
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/10/'>
October
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/09/'>
September
</a>
<span class='post-count' dir='ltr'>(13)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/08/'>
August
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/07/'>
July
</a>
<span class='post-count' dir='ltr'>(19)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/06/'>
June
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/05/'>
May
</a>
<span class='post-count' dir='ltr'>(13)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/04/'>
April
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/03/'>
March
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/02/'>
February
</a>
<span class='post-count' dir='ltr'>(13)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/01/'>
January
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/'>
2008
</a>
<span class='post-count' dir='ltr'>(37)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/12/'>
December
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/11/'>
November
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/10/'>
October
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/09/'>
September
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/08/'>
August
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/05/'>
May
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div class='clear'></div>
</div>
</div><div class='widget BlogList' data-version='1' id='BlogList1'>
</div></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<footer id='footer'>
<div class='container'>
<div class='row'>
<div class='col-xs-12 footer_corporate'>
<a href="https://tools.cisco.com/security/center/home.x" target='_blank'>
<img alt='Cisco' src='https://www.talosintelligence.com/assets/logo_cisco_white.svg'/>
</a>
<p class='copyright'>&#169; <span id='copyright-year'></span> Cisco Systems, Inc. and/or its affiliates. All rights reserved. 
          
			View our <a class='copyright-underline underline' href='https://www.cisco.com/web/siteassets/legal/privacy_full.html' target='_blank'>Privacy Policy</a>.
		</p>
<script type='text/javascript'>
			document.getElementById('copyright-year').appendChild(document.createTextNode(new Date().getFullYear())) 
		</script>
</div>
</div>
</div>
</footer>
</body>
</html>